Notifications
Clear all
Topic starter
07/06/2026 8:13 pm
TL;DR: Cyber Security Tribe’s annual state of the industry report says 40% of CISO executives are prioritising data security investments in 2024, using people, process, and technology as the benchmark for planning according to Cyera. That shift makes data security programme design a business planning issue, not just a tooling discussion.
NHIMG editorial — based on content published by Cyera: Cyber Security Tribe’s Annual State of the Industry Report
Questions worth separating out
Q: How should security teams prioritise data security investment across IAM and governance programmes?
A: Start by mapping where sensitive data is concentrated, who and what can access it, and which teams own the controls.
Q: Why do people, process, and technology matter together in data security planning?
A: Because data security failures usually come from misalignment between ownership, operating procedures, and tooling coverage.
Q: How can organisations tell whether their data security programme is actually improving?
A: Look for fewer unknown data stores, clearer ownership of sensitive datasets, faster access review completion, and measurable reductions in overexposed information.
Practitioner guidance
- Align data security investments to identity governance priorities Map the report's people, process, and technology themes to your current IAM, NHI, and data governance roadmap.
- Inventory sensitive-data access paths across all identity types Trace which human users, service accounts, and application identities can reach sensitive data in SaaS and cloud environments.
- Tie classification to lifecycle controls Use data classification outputs to drive access review, offboarding, and entitlement reduction for accounts that touch high-risk datasets.
What's in the full report
Cyera's full report covers the operational detail this post intentionally leaves for the source:
- The executive survey breakdown behind the 40% data security investment priority figure.
- The report's benchmarking view of how organisations are balancing people, process, and technology.
- Shane Coleman’s commentary on emerging data security trends and implementation challenges.
- The broader priorities and business-alignment questions that the source report uses to frame future investment.
👉 Read Cyera's annual state of the industry report on data security priorities →
Data security investment priorities in 2024: what teams need now?
Explore further
07/06/2026 10:03 pm
Data security is no longer a back-office control stack, it is a governance priority that shapes identity strategy. When 40% of CISO executives prioritise investment in this area, the message is that visibility and control over data have become board-relevant questions. For IAM teams, that pushes data security out of a tooling conversation and into programme planning. The practitioner conclusion is that identity controls should be designed around where data risk concentrates, not where organisational charts place ownership.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
A question worth separating out:
Q: What is the difference between securing data and securing access to data?
A: Securing data focuses on protection mechanisms such as classification, encryption, and storage controls. Securing access to data focuses on who or what can reach it, for how long, and under what justification. In practice, both are needed because exposed access can defeat strong data controls.
👉 Read our full editorial: State of the industry report shows data security rising in priority
